Question:
Types of Snort Rules - For the rules in this section, determine the type of rule, the Snort config location where you would find the rule (/etc/nsm/rules, threshold.conf, etc.), and describe what the rule does.
5) alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"SQLSA BFL"; content:"[02]"; content:"sa"; depth:2; offset:39; nocase; reference:bugtraq,4797; reference:nessus,10673; sid:3542; rev:7;)
6) alert tcp $HOME_NET any -> $EXTERNAL_NET 5222 (msg:"GPL CHATMISCTraffic"; flow:to_server,established; content:"
7) event_filter gen_id 1, sig_id 2002949, type limit, track by_src, count 1, seconds 300
8) suppress gen_id 2, sig_id 1001001, track by_src, ip 10.1.2.252
9) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET Scan"; flow:to_server,established; content:"User-Agent|3a|sqlmap"; fast_pattern:only; http_header; detection_filter:track by_dst, count 4, seconds 20; reference:url,sqlmap.sourceforege.net; sid:2008538; rev:8;)